# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

import datetime
import typing

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15
from cryptography.hazmat.primitives.asymmetric.types import (
    CertificateIssuerPublicKeyTypes,
    CertificatePublicKeyTypes,
    PrivateKeyTypes,
)
from cryptography.x509 import certificate_transparency

def load_pem_x509_certificate(
    data: bytes, backend: typing.Any = None
) -> x509.Certificate: ...
def load_der_x509_certificate(
    data: bytes, backend: typing.Any = None
) -> x509.Certificate: ...
def load_pem_x509_certificates(
    data: bytes,
) -> list[x509.Certificate]: ...
def load_pem_x509_crl(
    data: bytes, backend: typing.Any = None
) -> x509.CertificateRevocationList: ...
def load_der_x509_crl(
    data: bytes, backend: typing.Any = None
) -> x509.CertificateRevocationList: ...
def load_pem_x509_csr(
    data: bytes, backend: typing.Any = None
) -> x509.CertificateSigningRequest: ...
def load_der_x509_csr(
    data: bytes, backend: typing.Any = None
) -> x509.CertificateSigningRequest: ...
def encode_name_bytes(name: x509.Name) -> bytes: ...
def encode_extension_value(extension: x509.ExtensionType) -> bytes: ...
def create_x509_certificate(
    builder: x509.CertificateBuilder,
    private_key: PrivateKeyTypes,
    hash_algorithm: hashes.HashAlgorithm | None,
    rsa_padding: PKCS1v15 | PSS | None,
) -> x509.Certificate: ...
def create_x509_csr(
    builder: x509.CertificateSigningRequestBuilder,
    private_key: PrivateKeyTypes,
    hash_algorithm: hashes.HashAlgorithm | None,
    rsa_padding: PKCS1v15 | PSS | None,
) -> x509.CertificateSigningRequest: ...
def create_x509_crl(
    builder: x509.CertificateRevocationListBuilder,
    private_key: PrivateKeyTypes,
    hash_algorithm: hashes.HashAlgorithm | None,
    rsa_padding: PKCS1v15 | PSS | None,
) -> x509.CertificateRevocationList: ...

class Sct:
    @property
    def version(self) -> certificate_transparency.Version: ...
    @property
    def log_id(self) -> bytes: ...
    @property
    def timestamp(self) -> datetime.datetime: ...
    @property
    def entry_type(self) -> certificate_transparency.LogEntryType: ...
    @property
    def signature_hash_algorithm(self) -> hashes.HashAlgorithm: ...
    @property
    def signature_algorithm(
        self,
    ) -> certificate_transparency.SignatureAlgorithm: ...
    @property
    def signature(self) -> bytes: ...
    @property
    def extension_bytes(self) -> bytes: ...

class Certificate:
    def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
    @property
    def serial_number(self) -> int: ...
    @property
    def version(self) -> x509.Version: ...
    def public_key(self) -> CertificatePublicKeyTypes: ...
    @property
    def public_key_algorithm_oid(self) -> x509.ObjectIdentifier: ...
    @property
    def not_valid_before(self) -> datetime.datetime: ...
    @property
    def not_valid_before_utc(self) -> datetime.datetime: ...
    @property
    def not_valid_after(self) -> datetime.datetime: ...
    @property
    def not_valid_after_utc(self) -> datetime.datetime: ...
    @property
    def issuer(self) -> x509.Name: ...
    @property
    def subject(self) -> x509.Name: ...
    @property
    def signature_hash_algorithm(
        self,
    ) -> hashes.HashAlgorithm | None: ...
    @property
    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
    @property
    def signature_algorithm_parameters(
        self,
    ) -> None | PSS | PKCS1v15 | ECDSA: ...
    @property
    def extensions(self) -> x509.Extensions: ...
    @property
    def signature(self) -> bytes: ...
    @property
    def tbs_certificate_bytes(self) -> bytes: ...
    @property
    def tbs_precertificate_bytes(self) -> bytes: ...
    def __eq__(self, other: object) -> bool: ...
    def __hash__(self) -> int: ...
    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
    def verify_directly_issued_by(self, issuer: Certificate) -> None: ...

class RevokedCertificate: ...

class CertificateRevocationList:
    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
    def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
    def get_revoked_certificate_by_serial_number(
        self, serial_number: int
    ) -> RevokedCertificate | None: ...
    @property
    def signature_hash_algorithm(
        self,
    ) -> hashes.HashAlgorithm | None: ...
    @property
    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
    @property
    def signature_algorithm_parameters(
        self,
    ) -> None | PSS | PKCS1v15 | ECDSA: ...
    @property
    def issuer(self) -> x509.Name: ...
    @property
    def next_update(self) -> datetime.datetime | None: ...
    @property
    def next_update_utc(self) -> datetime.datetime | None: ...
    @property
    def last_update(self) -> datetime.datetime: ...
    @property
    def last_update_utc(self) -> datetime.datetime: ...
    @property
    def extensions(self) -> x509.Extensions: ...
    @property
    def signature(self) -> bytes: ...
    @property
    def tbs_certlist_bytes(self) -> bytes: ...
    def __eq__(self, other: object) -> bool: ...
    def __len__(self) -> int: ...
    @typing.overload
    def __getitem__(self, idx: int) -> x509.RevokedCertificate: ...
    @typing.overload
    def __getitem__(self, idx: slice) -> list[x509.RevokedCertificate]: ...
    def __iter__(self) -> typing.Iterator[x509.RevokedCertificate]: ...
    def is_signature_valid(
        self, public_key: CertificateIssuerPublicKeyTypes
    ) -> bool: ...

class CertificateSigningRequest:
    def __eq__(self, other: object) -> bool: ...
    def __hash__(self) -> int: ...
    def public_key(self) -> CertificatePublicKeyTypes: ...
    @property
    def subject(self) -> x509.Name: ...
    @property
    def signature_hash_algorithm(
        self,
    ) -> hashes.HashAlgorithm | None: ...
    @property
    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
    @property
    def signature_algorithm_parameters(
        self,
    ) -> None | PSS | PKCS1v15 | ECDSA: ...
    @property
    def extensions(self) -> x509.Extensions: ...
    @property
    def attributes(self) -> x509.Attributes: ...
    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
    @property
    def signature(self) -> bytes: ...
    @property
    def tbs_certrequest_bytes(self) -> bytes: ...
    @property
    def is_signature_valid(self) -> bool: ...
    def get_attribute_for_oid(self, oid: x509.ObjectIdentifier) -> bytes: ...

class PolicyBuilder:
    def time(self, new_time: datetime.datetime) -> PolicyBuilder: ...
    def store(self, new_store: Store) -> PolicyBuilder: ...
    def max_chain_depth(self, new_max_chain_depth: int) -> PolicyBuilder: ...
    def build_client_verifier(self) -> ClientVerifier: ...
    def build_server_verifier(
        self, subject: x509.verification.Subject
    ) -> ServerVerifier: ...

class VerifiedClient:
    @property
    def subjects(self) -> list[x509.GeneralName] | None: ...
    @property
    def chain(self) -> list[x509.Certificate]: ...

class ClientVerifier:
    @property
    def validation_time(self) -> datetime.datetime: ...
    @property
    def store(self) -> Store: ...
    @property
    def max_chain_depth(self) -> int: ...
    def verify(
        self,
        leaf: x509.Certificate,
        intermediates: list[x509.Certificate],
    ) -> VerifiedClient: ...

class ServerVerifier:
    @property
    def subject(self) -> x509.verification.Subject: ...
    @property
    def validation_time(self) -> datetime.datetime: ...
    @property
    def store(self) -> Store: ...
    @property
    def max_chain_depth(self) -> int: ...
    def verify(
        self,
        leaf: x509.Certificate,
        intermediates: list[x509.Certificate],
    ) -> list[x509.Certificate]: ...

class Store:
    def __init__(self, certs: list[x509.Certificate]) -> None: ...

class VerificationError(Exception):
    pass
